Regulations on the collection and use of individual information
HyperSwap Foundation (hereinafter “the company”) has regulations on the collection and use of individual information as following, to protect individual information and rights of users in accordance with the Individual Information Protection Act, and to proceed the problem of users related to individual information smoothly. “Regulations on the collection and use of individual information” means the regulations that the company must comply with, in order to protect the valuable individual information of the users and to make the users to use the services securely.
1. Processing purpose of individual information
The Company processes the individual information for the following purposes. The individual information being processed shall not be used for purposes other than the following, and when the purpose of use is changed, it will be implemented the necessary measures, such as obtaining the separate consent of the information body according to relevant laws.
(1) Individual information is processed for the purpose of homepage membership subscription and confirmation of subscription intention, individual identification and authentication according to service provision, maintenance and management of membership authority, prevention of illegal use of service, various notices and notification, complaint handling, preservation of records for dispute settlement and etc.
(2) Individual information is processed for the purpose of providing services or goods, providing contents, providing customized services, self-certification, age certification, payment and adjustment.
(3) Individual information is processed for the purpose of utilization for marketing and advertising, developing new services (product) and providing customized services, providing event and advertisement information and participation opportunities, validating the service, grasping access frequency or statistic calculating for member’s service use.
(4) Individual information is processed for the purpose of investigation of accidents, such as hacking/fraud, notification of its result, and provision of materials for fulfilling obligations under other laws.
2. Collection and preservation period of individual information
The company is handling individual information items as follows:
(1) Individual information items (Essential items)
E-mail, mobile phone number, password, login ID, gender, date of birth, name, wallet information (information automatically generated during service use process or business process), service usage log, access log, cookie, access IP information, payment records (in case of identification), a copy of identification card (the information other than date of birth is provided as blank) are provided.
(2) Collection method
① When signing up on the homepage, or in case that the member directly enters information during checking identity, the information is collected.
② Individual information is collected by written document in offline events, seminars and etc.
③ Individual information of the user can be collected by prior consent through web page, e-mail, fax, phone and etc., during the consultation process.
④ Generated information such as device information can be automatically generated and collected during the process of using the PC web or mobile web (access IP information, cookie, service usage log, access log, etc.).
(3) Preservation basis member’s consent (Consent of legal representative when collecting individual information for children under 14 years old)
(4) Preservation period Until withdrawal of user’s request and individual information consent. However, when the company has a record of fraudulent use or misuse by a member according to the terms and conditions of the company, nevertheless the withdrawal of the user’s request and the individual information consent, it will be kept for 5 years from the point of collection, and then destroyed.
(5) Nevertheless the regulation on collection and use of individual information of the company, the information which should be kept by the following relevant laws shall be kept for the period specified in the laws. The below examples of law is in accordance with the laws of Republic of Korea, and may apply the other standards, according to the laws of the country in which the company and its members reside.
① Preservation basis of individual information (Log-in record) related to the use of service: Act on Protection of Communications Secrets
・ Preservation period: 3 Months
② Preservation basis of record on sign/advertisement: Act on protection of consumer in E-Commerce.
・ Preservation period: 6 Months
③ Preservation basis of record on contract or withdrawal of application: Act on protection of consumer in E-Commerce.
・ Preservation period: 5 Years
④ Preservation basis of record on payment and providing of goods: Act on protection of consumer in E-Commerce.
・ Preservation period: 5 Years
⑤ Preservation basis of record on claims of consumer or dispute settlement: Act on protection of consumer in E-Commerce.
・ Preservation period: 3 Years
⑥ Preservation basis of record on E-commerce: Act on Electronic Financial Transaction
・ Preservation period: 5년
3. The rights and duties, and its exert methods of the information object
User, as an individual information object, may exercise the rights as follows:
(1) The information object may exercise the individual information related rights of below each item against the company at any time.
① Request to view on individual information
② When there is an error, requests to correct
③ Request to delete
④ Request to stop the process
(2) The exercise of the rights according to paragraph 1 may be performed via e-mail and etc., in accordance with the form according to the relevant laws, and the company shall take a measure without delay.
– Person in charge: JUNG KIL SANG
– E-Mail: email@example.com
(3) When the information object requests the correction or deletion of false in individual information, the company will not use the individual information or provide it to a third party until the correction or deletion is completed.
(4) The exercise of the rights according to paragraph 1 may be performed through an agent, such as legal representative of the information object or an authorized person.
(5) The exercise of rights according to paragraph 1 may be restricted when the individual information is specified in another statute to be collected or preserved.
(6) The company confirms whether the person who exercised the right of paragraph 1 is a person or a legal agent.
4. Third party provision of individual information and entrustment of individual information processing
The Company handles individual information of the information object only within the scope specified in Article 1, Only when permitted by relevant laws, such that that there is the consent of the information object or a basis provision under the law, the company provides individual information to third parties.
5. Destruction of individual information
When individual information becomes unnecessary, such as the elapse of the individual information preservation period, the achievement of the purpose of processing, the company destroys the individual information without delay. The procedure and method of destruction are as below. However, when the company acquires the consent of the user for the period of keeping the individual information, or imposes the obligation to keep the information for a certain period in the laws, the individual information shall be safely kept during that period.
(1) Destruction procedure
The information entered by the user is transferred to a separate DB (separate documents in the case of paper) after the completion of the purpose, and is stored for a certain period of time or destroyed at once according to internal regulations and other related laws.
At that time, the individual information transferred to the DB is not used for other purposes, unless under the law.
(2) Destruction method
Information in the form of electronic files uses technical methods that cannot reproduce the record. Individual information printed on paper is crushed by a shredder or destroyed by incinerator. When company obtained separate consent for the storage period of individual information, or a customer withdraws or expired, the company preserves individual information for five years from the date of termination of use contract to prevent abuse of rights, misuse prevention, and to prepare for various disputes.
6. Ensuring the safety of individual information
According to individual information protection related laws, the company is taking the technical, administrative and physical measures required to ensure safety as follows:
(1) In order to prevent leakage and damage of individual information by hacking or computer virus, the company installs security program, periodically updates and inspects the system, and installs the system in a access controlled area from the outside, is monitoring and blocking the system in technically and physically.
(2) Encryption of individual information. As the user’s password is stored and managed with encrypted form, the user only can know it, and important data is using separate security functions, such as encrypting the file and the transmission data, or file lock function.
(3) The company takes necessary measures for controlling the access to individual information, through the granting, modification and deletion of access rights to the database system handling individual information, and uses intrusion prevention system to control unauthorized access from outside.
7. Items on installation, operation and rejection of individual information automatic collection device
Use purpose of cookies
Providing targeted marketing and personal customized service through analysis of user’s access frequency and time of visit, understanding of user’s taste and interesting fields, traceability, understanding of attendance degree for various events and number of visits.
Method to refuse cookie settings
Users have the option to install the cookie. Therefore, the user can set option in the web browser to allow all cookies, or to check every time a cookie is saved, or to refuse to save all cookies. However, when refusing to install cookies, it may be difficult to use some services requiring log-in.
8. Individual information protection manager
To be responsible for the handling of individual information and deal with individual complaints related to the processing of individual information and relief the damage, the company assigns the individual information protection manager as follows:
Individual Information protection manager
・ Name: JUNG KIL SANG
・ Contact: firstname.lastname@example.org
・ Job Title: ASSISTANT DIRECTOR
(1) Users may contact to individual information protection manager and department in charge of handling individual information protection, complaint handling, and damages relief, when using company service (or business). The company shall answer and handle inquiries for the information object without delay.
(2) It is the user’s responsibility to maintain the security of the ID and password related to the user’s individual information. Because the company does not ask the user directly about the password in any way, please pay careful attention to prevent the password from being leaked to the other person. Particularly, please pay more attention when you access online in a public place.
(3) Even though all possible technical supplementary measures by the company, the company is not responsible for damage of information due to unexpected accidents caused by network dangers, such as hacking using state-of-the-art technologies.
(4) Nevertheless of the regulations on the collection and use of individual information, the company may provide such information according to a court order when it is obliged to provide individual information under the United Arab Emirates Act.
9. Change of individual information processing policy
This regulation on the collection and use of individual information shall apply from the effective date, when there are additions, deletions and corrections of changes in accordance with laws, those will be notified through notice items from 7 days prior to the enforcement of change.
10. Relief method of rights Infringement
The information object can contact the individual information infringement reporting center, the prosecution/police cyber-criminal related investigation agencies and etc., for damage relief and counseling against infringement of individual information.
This regulation on collection and use of individual information will be effective on January 1st, 2019.